Just a quick note to all CISSPs, or other certification-holders from (ISC)2

(ISC)2 is taking a hard stand on CPE submissions and coming down heavy-handed on audits. If you attend an event, even if the event host is an (ISC)2 CPE-Submitter, you need to retain your ‘proof of attendance’ and keep those documents on file. Generally an event host will provide a CPE audit retention sheet at the time of the event, or post-event.

I recently received an audit for my attendance at the RSA Conference in February. While they don’t specify a specific date or time frame you have to respond, I would recommend responding to an audit within 30 days.

Here are some quick tips…

  • Provide your CISSP number to event hosts that are CPE-Submitters
  • Keep and file any documentation, programs and badges from the event
  • If provided, keep the ‘Proof of Attendance’ sheet from the event host
  • Keep supporting docs for 12 months past the 3-year certification cycle you claimed the CPEs in

For more information, visit the official (ISC)2 site.

# # #


Author, speaker, and recognized authority on network and wireless security architectures, Jennifer (JJ) Minella helps organizations solve technical problems and align teams.

View all posts


  • All the talk keep the status of the certification. If you can provide it will not stop you from getting the credit. You just have to attest and write an email.

  • What happens if you fail to provide required documents?
    Do you just miss those CPE points, or?